CVE-2018-18656

Name of the Vulnerable Software and Affected Versions PureVPN client versions prior to 6.1.0

Description The issue concerns the storage of login credentials in cleartext. Specifically, the username and password are stored in a file located at %PROGRAMDATA%purevpnconfiglogin.conf. This file is readable by all local users, which poses a security risk.

Recommendations For versions prior to 6.1.0, update to version 6.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the %PROGRAMDATA%purevpnconfiglogin.conf file to minimize the risk of exploitation.